Cybersecurity For Dummies, Palo Alto Networks Edition (page 40)

Control SSL in context

Social networking sites are inadvertently making it easier for malware to remain hidden by moving to the default use of SSL to protect user communications. Twitter has recently joined the ranks of fellow social media giants Facebook and Google by moving to more widespread and default use of SSL to protect their end-users’ information. Twitter recently announced that users can set a preference to secure all Twitter communication via HTTPS, which will in time become the default setting for the Twitter service.

This shift to default SSL encryption highlights a very real and important challenge for enterprise security that boils down to this:

✓ Social media applications continue to be the preferred point of infection between enterprise networks and targeted attacks.

✓ Organizations that lack the ability to dynamically look within or enforce security on SSL-encrypted communications are more or less blind to this potentially malicious traffic.

The ramifications for enterprise security are clear: if you can’t control social media, and specifically social media that is SSL-encrypted, then you are leaving a clear path open for malware to get into and out of your network. The shift to SSL by default provides a moderate improvement in privacy for the users, but in the process makes the enterprise far more vulnerable to organized attacks, lost data, and compromised systems.

Actively test unknown files

Malware and exploits are easily modified or customized by attackers so that their attack will not trigger known signatures. This malleability is one of the key techniques that allows an advanced attacker to gain a foothold within a target network without arousing the suspicion of the security team.

To address this shift by attackers, you need to integrate new technologies that can identify unknown threats based on how they behave, not simply based on how they look. This sort of active analysis can be performed by executing suspicious files in a virtual sandbox.
A sandbox is a fully virtualized environment where you can run and observe a suspect file to see what the file really does, providing a way of detecting new threats.

These materials are © 2014 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
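The two ideas in the section above, that a trivially modified file no longer matches a known signature but still does the same thing when run, and that what it does in the sandbox is the evidence you act on, are shown together in the following added example. It is written for this edit and is not code from the book or from any Palo Alto Networks product. The sample bytes, the recorded sandbox trace, the rule weights and the verdict threshold are all constructed assumptions; a real sandbox emits far richer traces.

```python
import hashlib
from typing import Dict, List, Set, Tuple

# Constructed stand-in for a malicious file, and a "repacked" variant that differs
# by a single byte. The attacker's change defeats the hash signature but not the behaviour.
ORIGINAL_SAMPLE = b"MZ\x90\x00" + b"\x00" * 60 + b"connect update.example.test"
VARIANT_SAMPLE = ORIGINAL_SAMPLE.replace(b"\x90", b"\x91", 1)

# Signature-based detection: a SHA-256 blocklist (constructed, one entry).
KNOWN_BAD_SHA256: Set[str] = {hashlib.sha256(ORIGINAL_SAMPLE).hexdigest()}


def signature_match(sample: bytes) -> bool:
    """Static check: is the file's hash on the blocklist?"""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_SHA256


# Constructed sandbox traces: (event, detail) pairs as a sandbox would record them
# while executing the file. Both the original and the variant produce the first trace.
Event = Tuple[str, str]
TRACE_MALICIOUS: List[Event] = [
    ("file_write", r"C:\Users\victim\AppData\Roaming\svchost.exe"),
    ("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost"),
    ("process_inject", "explorer.exe"),
    ("dns_query", "update.example.test"),
    ("http_post", "http://update.example.test/gate.php"),
]
TRACE_BENIGN: List[Event] = [
    ("file_write", r"C:\Users\victim\Documents\report.docx"),
    ("dns_query", "www.example.test"),
    ("http_get", "http://www.example.test/index.html"),
]

# Behavioural rules: (name, weight, predicate). Weights and threshold are assumptions
# chosen for the example; a product tunes these against large corpora.
RULES = [
    ("persistence-run-key", 2,
     lambda e, d: e == "registry_set" and "\\currentversion\\run\\" in d.lower()),
    ("process-injection", 3,
     lambda e, d: e == "process_inject"),
    ("drops-exe-in-appdata", 1,
     lambda e, d: e == "file_write" and "\\appdata\\" in d.lower() and d.lower().endswith(".exe")),
    ("http-post-beacon", 2,
     lambda e, d: e == "http_post"),
]
MALICIOUS_THRESHOLD = 3


def score_trace(trace: List[Event]) -> Tuple[int, List[str]]:
    """Add the weight of every rule that fires at least once; return the score and the rule names."""
    score, hits = 0, []
    for name, weight, predicate in RULES:
        if any(predicate(event, detail) for event, detail in trace):
            score += weight
            hits.append(name)
    return score, hits


def verdict(trace: List[Event]) -> str:
    """Behavioural verdict: the file is judged by what it did, not by its bytes."""
    score, _ = score_trace(trace)
    return "malicious" if score >= MALICIOUS_THRESHOLD else "benign"


def derive_indicators(trace: List[Event]) -> Dict[str, Set[str]]:
    """Turn a malicious trace into network indicators a firewall can enforce (domains, URLs)."""
    indicators: Dict[str, Set[str]] = {"domains": set(), "urls": set()}
    if verdict(trace) != "malicious":
        return indicators
    for event, detail in trace:
        if event == "dns_query":
            indicators["domains"].add(detail.lower())
        elif event in ("http_get", "http_post"):
            indicators["urls"].add(detail)
            indicators["domains"].add(detail.split("/")[2].lower())
    return indicators


if __name__ == "__main__":
    for label, sample in (("original", ORIGINAL_SAMPLE), ("one-byte variant", VARIANT_SAMPLE)):
        print(f"{label}: signature match = {signature_match(sample)}")
    print("behavioural verdict:", verdict(TRACE_MALICIOUS), score_trace(TRACE_MALICIOUS))
    print("enforcement indicators:", derive_indicators(TRACE_MALICIOUS))
```

The variant fails the hash check while the trace still scores 8 against a threshold of 3, and the trace yields the command-and-control domain and URL that the next page says should feed back into the firewall. One caveat the section does not mention: malware that detects the virtual machine, or simply sleeps, produces an empty trace, so a benign verdict from a short run is weaker evidence than a malicious one.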
Chapter 4: What Next-Generation Security Brings to the Fight (page 41)

However, detection is only part of the battle. Enforcement against these threats is still needed in order to keep the network and its users safe. This makes it critical for the active analysis of malware to be tightly linked with the next-generation firewall, so that the results of the analysis can be used for enforcement. Typical in-line enforcements include:

✓ Dynamic protections for newly identified unknown malware, zero-day exploits, and their variants

✓ Protections for related malware that may use the same command-and-control servers or infrastructure

✓ Protections for threats that leverage the same command-and-control strategy

✓ Protections for threats that use related domains and URLs

Control enabling applications by:

✓ Blocking the use of known “bad” applications, such as P2P file-sharing

✓ Limiting application usage to users and groups that have a legitimate and approved business need

✓ Disabling specific features in risky applications, such as file transfers, desktop sharing, and tunneling

✓ Preventing drive-by-downloads from compromised web pages that automatically download malicious files without the user’s knowledge

✓ Decrypting SSL traffic selectively, based on application and URL categories (for example, decrypt social networking and webmail, but not financial traffic)

✓ Inspecting and enforcing any risky application traffic that is permitted, using a next-generation firewall that provides truly integrated intrusion and threat prevention, malware protection, and URL filtering

Prevent use of circumventors

Common end-user and Web 2.0 applications can be co-opted by malware for use against the enterprise. Equally important,